<?php

/**
 * File: addUserStorage.php
 * @author: CIS505 ATeam
 * @version: 2012-11-29
 * Purpose: this module has functions that interact directly with the
 *   MySQL database by using the mysqli PHP extension API.
 */


/**
 * inserts user record in the user table of the cWeb database.
 *   the userID field is configured for PKID, auto increment and
 *   is the key used to uniquely identify each user record.
 * 
 *   NOTE: the password is shown for debug only and should be removed.
 *
 * @param string $foreName
 * @param string $surName
 * @param string $userName
 * @param string $eMail
 * @param string $password
 * @param string $token
 */
function insertUser($foreName, $surName, $userName, $eMail, $password)
{
  $salt1 = "qm&h*";
  $salt2 = "pg!@";
  $token = sha1("$salt1$password$salt2");

  $conn = connect( ); // opens connection found in /common/util.php
  $query = "INSERT INTO user VALUES(
    NULL,'$foreName', '$surName', '$userName', '$eMail', '$password', '$token',NULL)";

  $resource = mysqli_query($conn, $query);
  if ($resource == false) {
    exit("Database error: $query<br />" . mysqli_error($conn));
  }
  mysqli_close($conn); // closes connection
}

/**
 * queries the data to return all users
 * @return indexed array of associative arrays, where inner associative arrays
 *   hold user records with keys as: 'userID', 'foreName', 'surName', 'userName', 'eMail', 'password', 'token', 'recordAddDate'
 *
 */
function selectAllUsers( )
{
  $users = array( );
  $conn = connect( ); // open connection
  $query = "SELECT userID, foreName, surName, userName, eMail, recordAddDate 
              FROM user"; // define $query with query string

  $resource = mysqli_query($conn, $query);
  if ($resource == false) {
    exit("Database error: $query<br />" . mysqli_error($conn));
  }

  mysqli_close($conn); // close connection

  for ($row = mysqli_fetch_assoc($resource); $row != NULL; $row = mysqli_fetch_assoc($resource)){
    $users[ ] = $row;
  }
  return $users;
}


/**
 * search function
 * @param string $searchField
 */
function selectSearchedUsers($searchField, $searchFor, $outerSort, $innerSort, $howMany)
{
  $users = array( );
  $conn = connect( ); // open connection

  // only change required. wil be similar for sorting
  $query = "SELECT userID, foreName, surName, userName, eMail, recordAddDate 
              FROM user 
                WHERE $searchField 
                  LIKE '%$searchFor%' 
            ORDER BY $outerSort, $innerSort 
            LIMIT $howMany";

  $resource = mysqli_query($conn, $query);
  if ($resource == false) {
    exit("Database error: $query<br />". mysqli_error($conn));
  }

  mysqli_close($conn); // close connection

  for ($row = mysqli_fetch_assoc($resource); $row != NULL; $row = mysqli_fetch_assoc($resource)){
    $users[ ] = $row;
  }
  return $users;
} 


/**
 * edit selected user record in database
 *  by using the userID as the where clause
 * @param string $userID
 * @return string returns $user array
 */
function editUser($userID, $foreName, $surName, $userName, $eMail)
{
  $conn = connect( ); // open connection
  $query = "UPDATE user 
              SET foreName = '$foreName', surName = '$surName', userName = '$userName', eMail = '$eMail'
                WHERE userID = '$userID'"; // edits user

  $resouce = mysqli_query($conn, $query);
  if ($resouce == false) {
    exit("Database error: $query<br />" . mysqli_error($conn));
  }
  mysqli_close($conn); // close connection
}


/**
 * delete selected user record from database
 *  by using the userID as the where clause
 * @param string $userID
 * @return string returns $user array
 */
function deleteUser($userID)
{
  $conn = connect( ); // open connection
  $query = "DELETE 
              FROM user 
                WHERE userID = '$userID'"; // deletes user

  $resouce = mysqli_query($conn, $query);
  if ($resouce == false) {
    exit("Database error: $query<br />" . mysqli_error($conn));
  }
  mysqli_close($conn); // close connection
}

 
?>